Skip to content

Role-Based Access Control

Mumimo uses a role-based access control (RBAC) system to manage command access. Every command declares its required roles in plugin.toml, and the PrivilegeService checks a user’s roles against those requirements before dispatching the command.

When a command is invoked, PrivilegeService.can_run() applies the following 4-step algorithm:

  1. Blacklist check (highest priority) — If the user has the blacklisted role, the command is denied. This overrides everything, including admin.
  2. Admin allow-all — If the user has the admin role, the command is allowed. Admins bypass all remaining checks.
  3. Empty command roles — If the command declares no roles at all, it is allowed for everyone. This is the default for unrestricted commands.
  4. Intersection check — If the user’s roles share at least one entry with the command’s required roles, the command is allowed. Otherwise it is denied.

This priority order ensures that blacklisting is always respected, admins always have access, and unguarded commands remain open to all users.

Mumimo ships with four built-in roles:

Role Description
blacklisted Explicit deny — overrides everything, even admin.
admin Full access to all commands.
moderator Can manage audio, media, and images.
user Default role; access to basic commands.

You can define additional roles in config.toml under [roles.<name>] with a description field:

[roles.dj]
description = "Can manage audio playback."

Custom roles work exactly like built-in roles — they can be assigned to users and referenced in command role lists.

Operators can override the roles declared in a plugin’s plugin.toml by adding entries to the [command_overrides] section in config.toml:

[command_overrides]
"sound_board.sbdownload" = ["dj"]
"bot_commands.kickuser" = ["admin", "moderator"]

Each key is a "plugin.command" string, and the value is a list of roles that replaces the manifest’s roles at boot. This lets operators tighten or loosen access without modifying plugin files.

Roles can be assigned and revoked at runtime through chat commands (admin-only):

Command Description
!role add <user> <role> Assign a role to a user.
!role remove <user> <role> Remove a role from a user.
!role list <user> List a user’s assigned roles. Usage: !role list <user>.
!roles List all defined roles.